What is 21 CFR in SCADA and HMI Systems?


Generally, the industries concerned are food and pharmaceuticals. Every country's FDA (Food & Drug Administration) regulatory board creates a compliance standard for a system to run. Systems are not allowed to run without this compliance. This compliance is known as 21 CFR part compliance.

CFR stands for Code of Federal Regulations.

The 21 CFR standard is partially or fully integrated into almost all SCADA systems. Partially means that some coding is required by the programmer to complete the remaining points.

21 CFR System


  • The 21 CFR system ensures that the machine is running under the right regulations, rules, and standards.
  • It is considered trustworthy because it records data with electronic signatures that are more accurate compared with handwritten records on paper.
  • In SCADA systems, we can find 21 CFR covering a variety of topics.

User Management


  • It is the key feature of 21 CFR. Basically, it monitors and controls the activity of the operator who is operating the system.
  • SCADA systems have multiple set parameters. For each parameter, a user level must be assigned to enable its operation.
  • An authority group must be able to create and delete users from other groups. File operations such as cut, copy, paste, and delete must not be permitted to unauthorized users.

Password Policy


  • The accounts and users must all be password-protected. Password setting criteria must be available in the system, such as minimum characters, types of characters, password length, etc.
  • Recently used passwords, for example the last five, must not be accepted as a new password. After generating a User ID, the system should always prompt the user to change the password on the first login attempt.
  • Only a higher-level group can block or unblock a user. The system should automatically limit and record the number of failed login attempts.
  • Users must be asked to change their passwords on a regular basis: as soon as the password expiry date is reached, the system must prompt for a change, and it must remind users a few days beforehand.

Audit Trail


  • One of the purposes of 21 CFR is to track all modifications made to SCADA systems. This is called an audit trail.
  • All changes must be documented with the appropriate date and time stamp. This audit trail should also not be editable in any way. Another feature is the ability to sign documents using an electronic signature.
  • Before changing any of the parameters, an electronic signature must be created so that the system can determine who the user was.

Electronic Data and its Storage


  • Since data is such a key aspect of 21 CFR, its security and storage access is crucial.
  • Only authorized users should have access to the SCADA computer's file storage pathways. It should not be possible to alter the data that has been generated. The PC's disk partitions must be set up correctly in order for data to be stored properly.
  • Aside from these, there are a few additional broad variables to consider. When a data report is generated, the name of the operator who generated the report, as well as the date and time, should be included.
  • Before updating any parameter, the system should ask why the parameter is being changed. The operator must not be able to edit the parameter without first giving the reason.
  • Only a few people should have access to the file storage, and all of them must be authorized users. All alarms and events must be correctly recorded with date and time stamps.
  • The 21 CFR standard's sole objective is to ensure that the system's integrity is maintained. Given the importance of the food and pharmaceuticals industry, a thorough examination of these systems is required.
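
The audit trail, electronic signature, and reason-for-change points above can be sketched together as follows. This is an added example, not code from any SCADA product; the user store, the parameter name, and the names AuditTrail and change_parameter are assumptions made for illustration.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

# Constructed demo account (user -> PBKDF2 hash); not a real SCADA user store.
_SALT = b"demo-salt"
USERS = {"operator1": hashlib.pbkdf2_hmac("sha256", b"S3cure!pass", _SALT, 100_000)}

class AuditTrail:
    """Append-only record list; each record stores the hash of the previous one."""
    GENESIS = "0" * 64

    def __init__(self):
        self.records = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, user, parameter, old, new, reason):
        prev = self.records[-1]["hash"] if self.records else self.GENESIS
        body = {"time": datetime.now(timezone.utc).isoformat(), "user": user,
                "parameter": parameter, "old": old, "new": new,
                "reason": reason, "prev": prev}
        self.records.append({**body, "hash": self._digest(body)})

    def verify(self):
        """True only if every record matches its hash and links to its predecessor."""
        prev = self.GENESIS
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev"] != prev or rec["hash"] != self._digest(body):
                return False
            prev = rec["hash"]
        return True

def change_parameter(params, trail, user, password, name, value, reason):
    """Apply a change only after an electronic signature and a stated reason."""
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    if user not in USERS or not hmac.compare_digest(USERS[user], supplied):
        raise PermissionError("electronic signature rejected")
    if not reason or not reason.strip():
        raise ValueError("a reason for the change is required")
    # Record first, then apply, so no change exists without an audit entry.
    trail.append(user, name, params.get(name), value, reason.strip())
    params[name] = value
```

The hash chain makes edits to stored records detectable but does not prevent them, and it cannot reveal deletion of the newest records unless the latest hash is also kept somewhere the SCADA PC's users cannot write.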
